Ramen Junkie

Encryption and You…

encryption-imageThere seems to be an endless stream of stories about how the UK wants to ban the use of encryption on the Internet.  It’s hard to say what this says about the UK officials, since banning encryption is essentially impossible without completely breaking the Internet.

Well, technically it could be done, but you wouldn’t want to be on this Internet anymore for anything requiring security.

So a quick rundown on just what encryption is.  Let’s say you send data cross the Internet, an email, a tweet, e bank password, a credit card number for buying something on Amazon.  Without any sort of encryption, data is simply converted into bits, and sent from router to router to the machine on the other end.  Capturing this traffic as it flows across the Internet is actually fairly easy.

There was a very famous exploit plug in a few years ago called FireBug.  Firebug would sniff the local network for the log in cookies used by Facebook and snatch them out of the air (so to speak) and allow the user of Firebug to access the Facebook account of anyone else on the local network.  This was before Facebook encrypted the data for it’s log in information, so the cookie was just flowing across the network.  The cookie data basically is a way for Facebook to know “yes, this , but it will person has logged in and this is who they are” so you don’t have to enter your password every time.

Because Facebook switched to SSL Encryption for their log in data, these cookies are now encrypted as they pass through the internet.  You may still be able to snatch the cookie but it will be a garbled mess of gibberish.

Now imagine if your bank or Amazon didn’t use encryption.  The same methods used by Firebug could be used to pull your bank or credit card data.

This is why encryption is important and used every day.

But how does it work.  When you connect to a remote website, your computer and the website exchange keys for translating the encrypted data.  This means the data can only be read by your computer or the remote website.  An extremely simple example, Let’s say the “key” is “13” and the “algorithm” is “ROT13”.  The data would be translated by moving all of the letters in a data packet by 13, hence ROT 13 (Rotate 13).  The phrase “My name is Josh” becomes “Zl nzar vfWb fu”.  Now, this is a very very very simplified example.  Real encryption uses long long keys, complex multi faceted algorithms, often with time based mechanics, and in general, would never be human translatable.  In fact, without the key, depending on how complex the encryption is, it could take the most powerful computer in the world millions of years to break some encryption.

So, why does the UK government (and others) want to ban this important security tool?  It’s simple, they can’t break it.  The world has become aware of how the governments of the world are scooping up and reading all of the data across the Internet, and the world has turned to encryption to keep their privacy.  Websites big and small have started using SSL by default so all traffic is encrypted making reading the contents impossible by outsides.  More people are using things like VPN tunnels, TOR networks, and PGP keys for their emails, these are all useful encryption tools.

The claim of these spying agencies is that it makes it hard or impossible to “find the bad guys”.  This assertion is as ridiculous as claiming say, we need to ban White Vans because kidnappers always and only use White Vans.  Or maybe, we need to ban beards because “Terrorists always have beards”.

“Only bad guys encrypt their data”.

It’s basically applying a false sterotype and getting mad when it doesn’t fit.  Its also blatantly ignorant of the real world uses of encryption.  No one would every shop online since it would be trivial for hackers to harvest credit card data.  You may as well require you to speak your name, card number, card verification number etc out loud to the check clerk at the grocery store every time you want to buy something.

Building up to the Raspberry Pi

Raspberry_Pi_LogoI’ve been hitting the Raspberry Pi and Arduino pretty hard lately.  I plan to detail my projects some here in the future but I figured it would be good to start off with a little “why” and a little history.  I mentioned the Arduino, but I only plan on touching on the Raspberry Pi here today.

I’ve used a secondary PC for projects for a very long time now.  A second or third or even fourth PC an be extremely useful for learning more about PCs.  The main nicety is that if you want to completely wipe it out, you don’t have to worry about what to do with your important data on your main PC.  Want to try a new Linux distro?  Screwed up some configuration?  Just reformat and try again.  You can do some of this with Virtual Machines but that can mean sharing resources which isn’t always a good solution.  Also for any long term “always on” projects like a web server, having a dedicated box is generally cleaner and more secure.

The first project PC I had was my first personal PC that wasn’t “the family machine”.  When I graduated from High School, I was given a PC of my own. It was at the time a pretty “top of the line” Pentium 2 IBM with a blazing 450mhz processor.  Over the years i upgraded the hard drives and RAM and eventually the motherboard and processor.  Eventually, I found that I had a box containing all of the parts from the original machine, so I rebuilt that machine, installed Redhat Linux on it and started playing around with web server software.

During my time working IT/Engineering at my old television job, I accumulated several project machines.  When computers were upgraded, we just sort of let the old machines pile up in the back.  Sometimes these machines would go to employees if they needed a computer.  Sometimes I’d do projects at work to streamline the processes and we’d use a machine for some sort of ftp or scripted copy project.  If they were too old or just broken they’d get recycled.  I ended up with several of these machines as well.

The problem with these project machines is they are full PCs.  They need a lot of power to run, especially for something that is a very low use webserver or game server.  They also take up a lot of space.  Also, since many of the machines were used and old, they were prone to failure.  I started replacing the towers with old laptops but these have their own issues.  They take up less space and use marginally less power, but they also tend to over heat in confined spaces and if a laptop had been replaced at work, it likely had a severe issue and thus these laptops were more prone to failure and less easily repaired than the towers.

These days I’ve been phasing out the bulky old machines for Raspberry Pis.

The Pi uses way less power than a whole machine.  They are also super cheap, so buying several of them over time doesn’t really break the bank.  They aren’t super powerful, but I really don’t do anything that requires a ton of processing power, and because they are cheap, I can use several of them running single tasks to spread the load.  Frankly, they are still better than some of the towers I’ve used in the past spec wise.

So why the Pi?

There are a lot of options out in the micro PC space.  The Raspberry Pi is probably not “the best” but it’s definitely the “most supported”.  I like to learn and play around with new technology, but I’m at a point where I’m not super keen on having to fight with obscure technology.  This is pretty much the why of the Pi.  It just works.  Or at least, I can generally Google how to work it.

The Pi also runs Debian based Linux, which I am most familiar with when it comes to Linux.  Since the Pi is a full computer, it’s great for software projects.  There are GPOI pins but I’ve not really explored them yet.  I’m leaving the hardware tinkering to the Arduino for now.

Tiny Tiny RSS, Possibly my Perfect RSS Solution

rss_iconSo, I mentioned recently, I wanted to migrate off of my shared Hosting to a VPS on Digital Ocean.  One reason sited was more control over what I can do with the server.  It’s essentially just a cloud based Linux machine, I can do anything I would do on a locally hosted Ubuntu box with it.  I came across Tiny Tiny RSS recently, and it’s the perfect example of the kind of thing I wanted the VPS for.

While nowhere near the main reason, the final straw with my tolerance of Google’s increasing level of crap was the closing of Reader, a service I’d depended on pretty much since it’s inception.  I’d tried a few alternative solutions but nothing really did anything for me next tot he simplicity to Google Reader.

Eventually I just sort of lost the want for RSS feeds.  The whole web seems to be abandoning the idea 9probably because it’s not nearly as easy to plaster crap ads all over an RSS feed) so I just decided to let it go.

Recently I’ve been trying to find a good solution again.  I really hate not being able to keep up with infrequently updated blogs i find.  That’s like 90% of the reason i liked having Google Reader, so when that interesting niche blog I like that updates once ever 4 months updates, I can know.

I looked into some Firefox extensions but using them tends ot be clunky.  I’ve tried a few different apps on my phone but nothing is idea.  The biggest issue is a lack of sync across everything.

tinytinyrss

Tiny Tiny RSS is a self hosted RSS Reader.  You download it (with Git in this case), set up a database for it, and let it roll.  I’ve set it up on my little sandbox domain BloggingIntensifies.com and added feeds I was pulling with other services to it.

It’s web based, so I can get to it from anywhere.  Need number one.

It’s hosted by me, so I won’t have to worry about some “thinks they know best” company screwing me over again, need number two.

There is a built in API so it can be access via mobile with an app.  Need number 3.  BONUS!  There is even a compatible Windows Phone app.

The next step is to figure out what I did with my old list of Google Reader feeds and start loading it up.

Testing The Waters on Digital Ocean

A while back I set up a Digital Ocean VPS running OpenSIM.  I then promptly forgot about Digital Ocean.  Part of the problem was I forgot my password and form some lame reason the email didn’t show up when I searched my emails for “Digital Ocean”.  It was also more of a fun side project that didn’t really cost anything since DO gives you some credit when you sign up.

I’m thinking of using my VPS for a bit more though, specifically, as my new Web Host.  I currently use GoDaddy which works great and is affordable but I’m starting to do a bit more experimenting and coding and I feel like i could benefit from something with a little more versatility.  For a few bucks more than I currently pay for Godaddy I can get a pretty decent VPS going and at the very least host all of the blogs I currently maintain on it (currently 4 with little to no traffic, and 3 with reasonably light traffic).  i can always beef up the VPS if the load ends up being too much.

I wanted to test out the migration and set up though, I was going to move Raid-Tier over but it’s kind of in a state of limbo and i wanted something I use with some content behind it.  If I am going to discretely move my wife’s blogs over interruption free I need to KNOW I can do it and KNOW it will work.  One, she’ll get pissy if it doesn’t and two she is getting a fair amount of traffic and I’d hate to interrupt that.

So I moved Joshmiller.net here over.  I also moved my little Sandbox Project over at BloggingIntensifies.com over as well but mostly because it’s inconsequential if it gets lost somehow and I wanted a second domain on the hosting so I could make sure I’m doing the server configuration properly.

The migration wasn’t without issues.  For one, the SQL export from this blog is larger than I could get the SQL locally to import so I had to do an old fashioned WordPress import/export.  In my experience the WordPress import/export works great for small volumes of data but extremely poorly for large volumes of data.

I also had FTP issues, All of the help files for vsftp I could find were outdated (not uncommon with trying to solve Linux issues) and there is some newer “feature” i couldn’t figure out that seems to amount to “vsftp won’t run if root has ftp access”.  I’m not sure that’s right because like I said, I didn’t figure it out, i used SSH file transfer instead.  I needed to move all of the images from the old host to this host, all 3-4000 of them.  Its not a huge amount of files but it is a LOT of files.

i still have permissions issues I have not figured out.  Permissions are probably the most annoying part of using Linux, yeah yeah blah blah security, I get that, but fuck there is all this users and groups and who owns the files and who can write/use the files and what user and group are the processes using.  It’s kind of insane.  I even tried the whole “give everything full perms chmod 777” method to no success.

Which has left some broken internal links on this blog.  I’ll do some backend SQL work on it but basically, I set up the old blog to run on /Year/Month/Day/PostTitle Permalinks and the new one uses the ugly post?### style.  for some reason WordPress can’t change this setting in .htaccess and it still doesn’t work when I manually create the .htaccess file.  So screw it, for now it’s ugly links all around.

Phase two will be to pull Lameazoid and Raid-Tier over, if those go smoothly I’ll start with my wife’s less used/trafficked blog and see if she even notices, then work my way up from there.  The whole process actually should be seamless all around since ultimately the domain will point to the same structure and data on the same domain.

The point is do get a more versatile host to do some more complex projects without paying for TWO hosts.  I’d rather pay more for one host than putz with two hosts which end up costing more.  I also still plan to keep Godaddy for my domains for now, I’m not unhappy with the service over there by any means, I’ve just outgrown it.